In today's world, electronic communication has reached a high level. Many parties, for example private persons, companies and official agencies, use electronic infrastructures such as the internet for communication. Frequently, it is desired that an electronic transaction, that is, an electronic exchange of data, be secure. Secure transactions may mean, for example, that a sender of a document can be identified in a reliable way or that the document is not readable by an unauthorized person intercepting a transmission of the document.
A very efficient way to provide aspects of the secure electronic transactions is the use of public key cryptography (PKC). PKC involves a PKC method and a pair of complementary keys that include a public key and a private key related to the public key. The PKC method and the keys may be selected so that it is impracticable to determine one of the complementary keys based on knowledge of the further complementary key. Examples for PKC methods or algorithms are RSA, named after inventors of the method, Rivest, Shamir, and Adelman or ElGamal. Usually, the public key is given to one or more parties and the private key is kept securely by one party and made inaccessible to a further party. Data in an electronic format can be encrypted using the PKC method and either the public key or the private key. Decryption of the encrypted data requires applying the PKC method with the complementary key to restore the data. Generally, PKC is considered to be secure. This means, the PKC method and the length of the complementary keys may be selected so that breaking the PKC may take a long time, for example more than 1000 years with today's available knowledge and computing resources.
Two basic applications for a procedure using the PKC are encryption and signing. An example of encryption is when a first party that is provided with a public key uses the public key for encrypting a document. The document is sent to a second party, and the second party decrypts the encrypted document with the private key. An example for signing is when a first party sends a message together with a signature. The signature is computed by encrypting data representing the message with the private key. A second party receiving the message and the signature may decrypt the signature with a public key that has been provided to the second party. The second party may compare the decrypted signature to the representation of the message and in case of identity may conclude that the signature has been computed by the first party that owns the authentic private key.
The PKC procedure relies on the fact that a party receives a public key and that the public key is provided by an authentic providing party. The PKC procedure may not be secure in case that a non-authentic party provides a non-authentic public key, even if the PKC method is secure. In the example of the encryption application, the non-authentic party may be able to read the document encrypted with the public key because the non-authentic party owns the related private key. In the example of the signing application, the non-authentic party may be able to send a non-authentic message with a signature that leads to a false conclusion that the message has been sent by the authentic party.